pomalé vypínání PC Vyřešeno

[Hugouš]

Po reinstalaci PC (WIN XP) mám problém s vypínáním PC. Po kliknutí na vypnout nebo restartovat trvá zhruba 2 minuty než zmizí plocha s ikonama. Pak už jde vše rychle. Po čisté reinstalaci XP to nedělalo, postupně jsem doinstalovával aplikace. Dá se říci, že nezávisle na tom, co jsem nainstaloval, to začne v určité chvíli dělat (např. po instalaci Skype, po instalaci SW od Creative, po instalaci Power DVD).
Kdo mi můžete poradit? Pro jistotu přikládám HiJack This log.
Dík Jirka

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:19, on 28.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081209 serial=dr12wrx-0528354-geg lang=CZ
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9261 bytes

[Reklama]

[Damned]

Odinstaluj si: Logitech Desktop Messenger.

Spusť HJT, vypni prohlížeče, odpoj se od internetu a fixni (zatrhnout políčko před hodnotou, zmáčknout
"Fix checked"):

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Hugouš]

Tak jsem vše provedl alog je zde:

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2527
Windows 5.1.2600 Service Pack 3

29.7.2009 19:24:31
mbam-log-2009-07-29 (19-24-31).txt

Typ skenu: Rychlý sken
Objektu skenováno: 97150
Uplynulý cas: 6 minute(s), 47 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Damned]

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Hugouš]

Log z ComboFixu

ComboFix 09-07-29.01 - Jirka 29.07.2009 21:08.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1372 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-06-28 do 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 17:16 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-29 17:16 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 17:16 . 2009-07-29 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 20:08 . 2009-07-28 20:08 -------- d-----w- c:\program files\Trend Micro
2009-07-28 19:05 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-28 19:05 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 17:32 . 2009-07-28 17:32 -------- d-----w- c:\program files\Common Files\Corel
2009-07-28 17:32 . 2009-07-28 17:32 -------- d-----w- c:\program files\Corel
2009-07-26 06:48 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-25 21:53 . 1999-12-12 23:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2009-07-25 21:53 . 1999-11-17 23:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2009-07-25 21:52 . 2009-07-25 21:52 -------- d--h--w- c:\program files\Creative Installation Information
2009-07-25 21:52 . 2009-07-25 21:52 -------- d-----w- c:\program files\Common Files\Creative
2009-07-25 20:54 . 2009-07-25 20:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-25 20:53 . 2009-07-25 20:53 -------- d-----w- c:\program files\Common Files\Skype
2009-07-25 20:53 . 2009-07-25 20:53 -------- d-----r- c:\program files\Skype
2009-07-25 20:14 . 2009-07-25 20:14 -------- d-----w- c:\program files\Ashampoo
2009-07-25 18:27 . 2006-08-30 13:43 70784 ----a-w- c:\windows\system32\drivers\mv61xx.sys
2009-07-25 18:13 . 2009-07-25 18:13 -------- d-----w- c:\program files\Innovative Solutions
2009-07-25 15:19 . 2009-07-25 15:28 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-25 15:19 . 2009-07-25 15:28 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-25 15:19 . 2009-07-25 15:28 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-25 15:18 . 2009-07-25 15:18 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-25 14:34 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-25 14:34 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-25 14:19 . 2009-07-25 14:19 -------- d--h--w- C:\CanoScan
2009-07-25 14:19 . 2003-01-29 08:43 745472 ----a-w- c:\windows\system32\CNQA2403.dll
2009-07-25 14:19 . 2003-01-16 06:43 36864 ----a-w- c:\windows\system32\CNQU81.DLL
2009-07-25 14:19 . 2003-01-16 06:43 204800 ----a-w- c:\windows\system32\CNQL2403.dll
2009-07-25 14:19 . 2003-01-15 10:39 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2009-07-25 10:17 . 2002-10-01 07:22 9856 ------w- c:\windows\system32\drivers\pfc.sys
2009-07-25 10:17 . 2009-07-25 10:17 -------- d-----w- c:\program files\ArcSoft
2009-07-25 10:17 . 1999-05-26 07:46 212480 ----a-w- c:\windows\pcdlib32.dll
2009-07-25 09:29 . 2009-07-25 09:29 -------- d-----w- c:\program files\MSXML 4.0
2009-07-23 21:19 . 2009-07-23 21:19 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-23 21:19 . 2007-12-20 08:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-23 21:19 . 2009-07-23 21:19 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-07-23 21:18 . 2009-07-23 21:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-23 21:17 . 2009-07-23 21:17 -------- d-----w- C:\CAPELLA2
2009-07-23 21:17 . 1996-02-22 01:20 25104 ----a-w- c:\windows\system\CTL3D.DLL
2009-07-23 21:11 . 2009-07-23 21:15 -------- d-----w- c:\program files\SuperEasy Software
2009-07-23 21:02 . 2009-07-23 21:02 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-23 21:02 . 2009-07-23 21:02 -------- d-----w- c:\program files\ACD Systems
2009-07-23 21:00 . 2009-07-23 21:00 -------- d-----w- c:\windows\Downloaded Installations
2009-07-23 20:46 . 2009-07-23 20:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-23 20:46 . 2009-07-29 07:07 -------- d-----w- c:\program files\DVDFab 6
2009-07-23 20:39 . 2003-12-24 05:00 7680 ----a-w- c:\windows\system32\CNMVS5x.DLL
2009-07-23 20:39 . 2003-12-24 05:00 113152 ----a-w- c:\windows\system32\CNMLM5x.DLL
2009-07-23 20:39 . 2003-08-27 12:11 86016 ----a-r- c:\windows\system32\CNMCP5x.exe
2009-07-23 20:39 . 2009-07-23 20:39 -------- d--h--w- C:\BJPrinter
2009-07-23 20:23 . 2009-07-23 20:24 -------- d-----w- C:\totalcmd
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\UC.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\RAR.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\LHA.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\ARJ.PIF
2009-07-22 21:03 . 2007-03-21 18:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-07-22 21:03 . 2007-03-21 18:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-07-22 21:03 . 2007-03-21 18:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-07-22 21:01 . 2008-01-19 18:12 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-07-22 21:01 . 2008-01-19 17:40 15088 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-07-22 21:01 . 2008-01-19 17:45 38112 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-07-22 21:01 . 2007-12-20 15:13 136416 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-07-22 21:00 . 2009-07-22 21:00 -------- d-----w- c:\program files\Norton Ghost
2009-07-22 20:33 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-07-22 20:33 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-07-22 20:33 . 2009-07-22 20:33 -------- d-----w- c:\program files\Common Files\CANON
2009-07-22 20:30 . 2006-09-13 05:00 197632 ----a-w- c:\windows\system32\CNMLM86.DLL
2009-07-22 20:30 . 2009-07-22 20:30 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-07-22 20:29 . 2009-07-22 20:29 -------- d--h--w- c:\program files\CanonBJ
2009-07-22 20:28 . 2009-07-25 14:29 -------- d-----w- c:\program files\Canon
2009-07-22 20:24 . 2009-07-22 20:24 -------- d-----w- c:\documents and settings\administrator\oblíbené položky
2009-07-22 20:24 . 2009-07-22 20:24 -------- d-----w- c:\documents and settings\administrator.jirka-25e1394e7\oblíbené položky
2009-07-22 20:24 . 2009-07-22 20:24 -------- d-----w- c:\documents and settings\administrator.jirka-25e1394e7
2009-07-22 20:24 . 2009-07-22 20:24 -------- d-----w- c:\documents and settings\administrator
2009-07-22 20:15 . 2009-07-22 20:15 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-22 20:13 . 2009-07-22 20:14 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-22 20:13 . 2009-07-22 20:13 -------- d-----w- c:\windows\system32\LogFiles
2009-07-22 20:08 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-22 20:03 . 2009-07-22 20:03 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-07-22 20:02 . 2008-02-04 08:27 102400 ----a-w- c:\windows\system32\cttele32.dll
2009-07-22 20:02 . 2009-07-22 20:02 -------- d-----w- c:\program files\OpenAL
2009-07-22 19:58 . 2009-05-18 12:34 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2009-07-22 19:48 . 2006-01-06 16:45 34432 ----a-r- c:\windows\system32\drivers\mv614x.sys
2009-07-22 19:24 . 2009-06-04 00:47 347080 ----a-w- c:\windows\system32\drivers\ctdvda2k.sys
2009-07-22 19:16 . 2009-07-25 21:54 -------- d-----w- c:\program files\Creative

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 17:04 . 2009-07-22 18:23 -------- d-----w- c:\program files\Logitech
2009-07-28 17:32 . 2009-07-22 17:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-26 08:16 . 2004-08-18 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2009-07-26 08:16 . 2004-08-18 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2009-07-25 21:54 . 2009-07-22 17:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 16:06 . 2009-07-22 18:25 -------- d-----w- c:\program files\CyberLink
2009-07-25 14:56 . 2009-07-25 14:56 -------- d-----w- c:\program files\Electronic Arts
2009-07-22 21:03 . 2009-07-22 17:00 -------- d-----w- c:\program files\Symantec
2009-07-22 21:03 . 2009-07-22 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-22 20:02 . 2009-07-22 19:25 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-22 20:02 . 2009-07-22 19:25 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-22 19:13 . 2009-07-22 18:55 -------- d-----w- c:\program files\NOS
2009-07-22 18:49 . 2009-07-22 18:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 18:49 . 2009-07-22 18:49 -------- d-----w- c:\program files\Java
2009-07-22 18:43 . 2009-07-22 18:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-22 18:35 . 2009-07-22 18:35 -------- d-----w- c:\program files\Common Files\Logishrd
2009-07-22 18:35 . 2009-07-22 18:23 -------- d-----w- c:\program files\Common Files\Logitech
2009-07-22 18:18 . 2009-07-22 18:18 -------- d-----w- c:\program files\Microsoft.NET
2009-07-22 18:14 . 2009-07-22 18:14 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-07-22 18:14 . 2009-07-22 18:14 -------- d-----w- c:\program files\ASUS
2009-07-22 18:01 . 2009-07-22 18:01 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-22 17:59 . 2009-07-22 17:58 -------- d-----w- c:\program files\ATI Technologies
2009-07-22 17:48 . 2009-07-22 17:48 -------- d-----w- c:\program files\MSBuild
2009-07-22 17:48 . 2009-07-22 17:48 -------- d-----w- c:\program files\Reference Assemblies
2009-07-22 17:09 . 2009-07-22 17:09 -------- d-----w- c:\program files\Marvell
2009-07-22 17:00 . 2009-07-22 17:00 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-22 17:00 . 2009-07-22 17:00 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-22 17:00 . 2009-07-22 17:00 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-22 17:00 . 2009-07-22 17:00 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-22 17:00 . 2009-07-22 17:00 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-22 17:00 . 2009-07-22 17:00 -------- d-----w- c:\program files\Norton 360
2009-07-22 17:00 . 2009-07-22 17:00 -------- d-----w- c:\program files\Windows Sidebar
2009-07-22 16:58 . 2009-07-22 16:58 -------- d-----w- c:\program files\NortonInstaller
2009-07-22 16:55 . 2009-07-22 16:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-22 16:55 . 2009-07-22 16:41 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-22 16:54 . 2009-07-22 16:41 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-07-22 16:42 . 2009-07-22 16:42 -------- d-----w- c:\program files\microsoft frontpage
2009-07-22 16:39 . 2009-07-22 16:39 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-04 00:48 . 2009-07-22 19:24 15384 ----a-w- c:\windows\system32\drivers\pfmodnt.sys
2009-06-04 00:48 . 2009-07-22 19:24 1177624 ----a-w- c:\windows\system32\drivers\ha20x2k.sys
2009-06-04 00:48 . 2009-07-22 19:24 95768 ----a-w- c:\windows\system32\drivers\emupia2k.sys
2009-06-04 00:47 . 2009-07-22 19:24 158744 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2009-06-04 00:47 . 2009-07-22 19:24 14360 ----a-w- c:\windows\system32\drivers\ctprxy2k.sys
2009-06-04 00:47 . 2009-07-22 19:24 130072 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2009-06-04 00:47 . 2009-07-22 19:24 526232 ----a-w- c:\windows\system32\drivers\ctaud2k.sys
2009-06-04 00:47 . 2009-07-22 19:24 511000 ----a-w- c:\windows\system32\drivers\ctac32k.sys
2009-06-04 00:46 . 2009-06-04 00:46 1324056 ----a-w- c:\windows\system32\drivers\CTEXFIFX.sys
2009-06-04 00:46 . 2009-06-04 00:46 72728 ----a-w- c:\windows\system32\drivers\CTHWIUT.sys
2009-06-04 00:46 . 2009-06-04 00:46 171032 ----a-w- c:\windows\system32\drivers\CT20XUT.sys
2009-06-03 22:59 . 2009-06-03 22:59 11776 ----a-w- c:\windows\INRES.DLL
2009-06-03 22:59 . 2009-07-22 19:24 181248 ----a-w- c:\windows\system32\ctdvinst.dll
2009-06-03 22:59 . 2009-07-22 19:24 86016 ----a-w- c:\windows\system32\ctcoinst.dll
2009-06-03 22:57 . 2009-07-22 19:24 60928 ----a-w- c:\windows\system32\a3d.dll
2009-06-03 22:56 . 2005-08-07 22:12 48640 ----a-w- c:\windows\system32\ac3api.dll
2009-06-03 22:55 . 2009-06-03 22:55 2560 ----a-w- c:\windows\system32\CtxfiRes.dll
2009-06-03 22:55 . 2009-06-03 22:55 2560 ----a-w- c:\windows\CTXFIRES.DLL
2009-06-03 22:55 . 2005-08-07 22:10 41472 ----a-w- c:\windows\system32\CTxfiBtn.dll
2009-06-03 22:55 . 2005-08-07 22:10 39424 ----a-w- c:\windows\system32\CTxfiSpk.dll
2009-06-03 22:55 . 2005-08-07 22:10 25600 ----a-w- c:\windows\system32\Ctxfihlp.exe
2009-06-03 22:50 . 2005-08-07 22:04 47104 ----a-w- c:\windows\system32\CTxfiReg.exe
2009-06-03 22:50 . 2009-06-03 22:50 15360 ----a-w- c:\windows\system32\Ct20xspi.dll
2009-06-03 22:49 . 2005-08-07 22:04 1213440 ----a-w- c:\windows\system32\CTxfispi.exe
2009-06-03 22:40 . 2009-07-22 19:24 321512 ----a-w- c:\windows\system32\ctdlang.dat
2009-06-03 22:40 . 2009-06-03 22:40 56509 ----a-w- c:\windows\system32\ctdnlstr.dat
2009-06-03 22:40 . 2009-07-22 19:24 114688 ----a-w- c:\windows\system32\ctemupia.dll
2009-06-03 22:37 . 2005-08-07 21:54 193024 ----a-w- c:\windows\system32\ct_oal.dll
2009-06-03 22:37 . 2005-08-07 21:54 50688 ----a-w- c:\windows\system32\ctasio.dll
2009-06-03 22:37 . 2009-07-22 19:24 53248 ----a-w- c:\windows\system32\ctdproxy.dll
2009-06-03 22:36 . 2005-08-07 21:54 74752 ----a-w- c:\windows\system32\ctosuser.dll
2009-06-03 22:36 . 2009-07-22 19:24 10240 ----a-w- c:\windows\system32\sfman32.dll
2009-06-03 22:36 . 2005-08-07 21:54 108544 ----a-w- c:\windows\system32\sfms32.dll
2009-06-03 22:36 . 2005-08-07 21:54 16384 ----a-w- c:\windows\system32\regplib.exe
2009-06-03 22:36 . 2009-07-22 19:24 68608 ----a-w- c:\windows\system32\piaproxy.dll
2009-06-03 22:33 . 2009-06-03 22:33 7680 ----a-w- c:\windows\system32\enlocstr.exe
2009-06-03 22:32 . 2005-08-07 21:52 12800 ----a-w- c:\windows\system32\killapps.exe
2009-06-03 22:31 . 2005-08-07 21:51 36864 ----a-w- c:\windows\system32\devreg.dll
2009-06-03 19:11 . 2004-08-18 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:33 . 2004-08-18 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-27 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-08-07 16384]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2009-06-03 25600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-22 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [22.7.2009 21:48 34432]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [25.7.2009 20:27 70784]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SymEFA.sys [22.7.2009 19:00 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.086\BHDrvx86.sys [22.7.2009 19:00 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.086\cchpx86.sys [22.7.2009 19:00 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSXpx86.sys [28.7.2009 8:27 276344]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [22.7.2009 19:00 115560]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [18.8.2004 14:00 5120]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [4.6.2009 2:46 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [4.6.2009 2:46 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [4.6.2009 2:46 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22.7.2009 19:26 101936]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20.12.2007 17:13 1553896]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [22.7.2009 22:03 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [4.6.2009 2:46 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [4.6.2009 2:46 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [4.6.2009 2:46 72728]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 13:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = localhost
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 21:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(5608)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-07-29 21:12
ComboFix-quarantined-files.txt 2009-07-29 19:12

Před spuštěním: Volných bajtů: 221 494 669 312
Po spuštění: Volných bajtů: 221 610 360 832

282 --- E O F --- 2009-07-26 06:59

[Damned]

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.

c:\windows\system32\AppSetup.exe
c:\windows\CTHELPER.EXE
c:\windows\system32\Ctxfihlp.exe

[Hugouš]

Jinak se mi sem výsledky nepodařilo dostat (pouze jsem je sem nakopíroval). Když tak poraď pokud to nestačí, jak to udělat lépe.


AnalýzaHledání součtůStatistikyEmail/UploaderO VT

Soubor AppSetup.exe přijatý 2009.07.29 20:06:30 (UTC)
Současný stav: Dokončeno

Výsledek: 1/38 (2.63%)
Formátované Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.24 2009.07.29 -
AhnLab-V3 5.0.0.2 2009.07.29 -
AntiVir 7.9.0.234 2009.07.29 -
Antiy-AVL 2.0.3.7 2009.07.29 -
Authentium 5.1.2.4 2009.07.28 -
Avast 4.8.1335.0 2009.07.29 -
BitDefender 7.2 2009.07.29 -
CAT-QuickHeal 10.00 2009.07.28 -
ClamAV 0.94.1 2009.07.29 -
Comodo 1807 2009.07.29 -
DrWeb 5.0.0.12182 2009.07.29 -
eSafe 7.0.17.0 2009.07.29 -
eTrust-Vet 31.6.6645 2009.07.29 -
F-Prot 4.4.4.56 2009.07.28 File is damaged
Fortinet 3.120.0.0 2009.07.29 -
GData 19 2009.07.29 -
Ikarus T3.1.1.64.0 2009.07.29 -
Jiangmin 11.0.800 2009.07.29 -
K7AntiVirus 7.10.805 2009.07.29 -
Kaspersky 7.0.0.125 2009.07.29 -
McAfee 5692 2009.07.29 -
McAfee+Artemis 5692 2009.07.29 -
McAfee-GW-Edition 6.8.5 2009.07.29 -
Microsoft 1.4903 2009.07.29 -
NOD32 4289 2009.07.29 -
Norman 6.01.09 2009.07.29 -
nProtect 2009.1.8.0 2009.07.29 -
PCTools 4.4.2.0 2009.07.29 -
Prevx 3.0 2009.07.29 -
Rising 21.40.24.00 2009.07.29 -
Sophos 4.44.0 2009.07.29 -
Sunbelt 3.2.1858.2 2009.07.29 -
Symantec 1.4.4.12 2009.07.29 -
TheHacker 6.3.4.3.377 2009.07.29 -
TrendMicro 8.950.0.1094 2009.07.29 -
VBA32 3.12.10.9 2009.07.29 -
ViRobot 2009.7.29.1859 2009.07.29 -
VirusBuster 4.6.5.0 2009.07.29 -
Rozšiřující informace
File size: 22691984 bytes
MD5 : 1c832aaf7f460d528c3977ddb1ec3628
SHA1 : 9fa3cb80e1676848e5eb26e19024de5fe876b272
SHA256: aa0a1042b4283a452bb91e3ac0d08fbfdf4497e89a7d63ff50bffc965ce28e2e
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xA0AC
timedatestamp.....: 0x45A493CA (Wed Jan 10 08:20:42 2007)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xE62A 0xF000 6.52 b7d4be83f62baae2134609d7fb1b1a87
.rdata 0x10000 0x12FE 0x2000 3.79 149387c5ba9397f0d91b155ee1520ece
.data 0x12000 0x7680 0x3000 1.06 3983803cb133e7d6468af9f078a96a8b
.rsrc 0x1A000 0x29E4 0x3000 3.91 05a7bb2d8baf6b8a525baee15f1b4182

( 4 imports )

> advapi32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
> kernel32.dll: DeleteFileA, GetFileAttributesA, CreateDirectoryA, SetFileAttributesA, CloseHandle, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, CreateFileA, GetWindowsDirectoryA, lstrcmpiA, ReadFile, GetFileSize, CreateProcessA, CopyFileA, RemoveDirectoryA, GetExitCodeProcess, WaitForSingleObject, GetCurrentProcess, GetCommandLineA, SetCurrentDirectoryA, GetFullPathNameA, GetModuleFileNameA, GetModuleHandleA, FreeLibrary, GetProcAddress, LoadLibraryA, ExitThread, FindNextFileA, Sleep, CreateThread, TerminateThread, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, FlushFileBuffers, LCMapStringW, LCMapStringA, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, SetStdHandle, GetStdHandle, SetHandleCount, SetEndOfFile, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetVersionExA, FindFirstFileA, lstrcmpA, MultiByteToWideChar, FindClose, GetEnvironmentVariableA, GetOEMCP, GetACP, GetCPInfo, GetStringTypeW, HeapFree, HeapAlloc, GetLastError, GetFileType, WriteFile, SetFilePointer, ExitProcess, TerminateProcess, RtlUnwind, GetStartupInfoA, GetVersion, GetStringTypeA
> shell32.dll: SHBrowseForFolderA, SHGetPathFromIDListA, SHGetMalloc, FindExecutableA
> user32.dll: SetWindowTextA, DefWindowProcA, DestroyWindow, CreateWindowExA, LoadCursorA, RegisterClassExA, LoadAcceleratorsA, GetMessageA, TranslateAcceleratorA, TranslateMessage, DispatchMessageA, PostQuitMessage, PostMessageA, EnableWindow, ShowWindow, UpdateWindow, LoadStringA, WaitForInputIdle, MessageBoxA, DialogBoxParamA, EndDialog, SetDlgItemTextA, LoadIconA

( 0 exports )

TrID : File type identification
Win32 EXE PECompact compressed (generic) (76.8%)
Win32 Executable Generic (15.7%)
Generic Win/DOS Executable (3.7%)
DOS Executable Generic (3.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 393216:hFQzcjxcLDqpiZtXDpZtGHW6fJuBiG1WewnDCRuyN3ZKk5p0T0Qbr2wQR9SzOK3i:MAGfqpiHXDdmJIiG1WNO5Jvc0crhQe9M
PEiD : Armadillo v1.71
packers (F-Prot): CAB
RDS : NSRL Reference Data Set

Soubor CTHELPER.EXE přijatý 2009.07.29 20:20:39 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 2.
Odhadovaný čas začátku mezi 50 a 71 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.24 2009.07.29 -
AhnLab-V3 5.0.0.2 2009.07.29 -
AntiVir 7.9.0.234 2009.07.29 -
Antiy-AVL 2.0.3.7 2009.07.29 -
Authentium 5.1.2.4 2009.07.28 -
Avast 4.8.1335.0 2009.07.29 -
AVG 8.5.0.387 2009.07.29 -
BitDefender 7.2 2009.07.29 -
CAT-QuickHeal 10.00 2009.07.28 -
ClamAV 0.94.1 2009.07.29 -
Comodo 1808 2009.07.29 -
DrWeb 5.0.0.12182 2009.07.29 -
eSafe 7.0.17.0 2009.07.29 -
eTrust-Vet 31.6.6645 2009.07.29 -
F-Prot 4.4.4.56 2009.07.28 -
F-Secure 8.0.14470.0 2009.07.29 -
Fortinet 3.120.0.0 2009.07.29 -
GData 19 2009.07.29 -
Ikarus T3.1.1.64.0 2009.07.29 -
Jiangmin 11.0.800 2009.07.29 -
K7AntiVirus 7.10.805 2009.07.29 -
Kaspersky 7.0.0.125 2009.07.29 -
McAfee 5692 2009.07.29 -
McAfee+Artemis 5692 2009.07.29 -
McAfee-GW-Edition 6.8.5 2009.07.29 -
Microsoft 1.4903 2009.07.29 -
NOD32 4289 2009.07.29 -
Norman 6.01.09 2009.07.29 -
nProtect 2009.1.8.0 2009.07.29 -
Panda 10.0.0.14 2009.07.29 -
PCTools 4.4.2.0 2009.07.29 -
Prevx 3.0 2009.07.29 -
Rising 21.40.24.00 2009.07.29 -
Sophos 4.44.0 2009.07.29 -
Sunbelt 3.2.1858.2 2009.07.29 -
Symantec 1.4.4.12 2009.07.29 -
TheHacker 6.3.4.3.377 2009.07.29 -
TrendMicro 8.950.0.1094 2009.07.29 -
VBA32 3.12.10.9 2009.07.29 -
ViRobot 2009.7.29.1859 2009.07.29 -
VirusBuster 4.6.5.0 2009.07.29 -
Rozšiřující informace
File size: 16384 bytes
MD5...: 344732130f1adc7d7fa5d8f2446b8cdc
SHA1..: 0779f7d5199e76c8fa79a11845950bcc51490227
SHA256: d3769db9bb3b132565008749a1e470cf71a2806d91998cc4b2f7f1f6fd1198b6
ssdeep: 384:JPmdOd0TAc//nOIC/oFgddc1lsoNwPBK8PluIDWSk:J+dOd0r/nyGM59uI6z

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x35af
timedatestamp.....: 0x42f686c9 (Sun Aug 07 22:10:17 2005)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3260 0x3400 6.04 12709f0972020d8837220683792186ed
.data 0x5000 0x1c8 0x200 2.16 1b3293c81540a0e41da6123a47794bac
.rsrc 0x6000 0x478 0x600 2.54 61743f64a457532deff0a91e58b870cc

( 7 imports )
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> msvcrt.dll: _initterm, __getmainargs, _acmdln, exit, __setusermatherr, __set_app_type, _exit, _c_exit, sprintf, malloc, _adjust_fdiv, __p__commode, _cexit, __p__fmode, __CxxFrameHandler, free, _except_handler3, __1type_info@@UAE@XZ, __dllonexit, _onexit, _controlfp, _terminate@@YAXXZ, _XcptFilter, _setmbcp
> ADVAPI32.dll: RegCloseKey, RegOpenKeyA, RegSetValueExA, RegCreateKeyExA, RegEnumValueA, RegCreateKeyA, RegQueryValueExA
> KERNEL32.dll: GetLastError, CloseHandle, CreateFileA, FreeLibrary, GetProcAddress, CreateProcessA, LoadLibraryA, GetModuleHandleA, GetStartupInfoA, CreateSemaphoreA
> USER32.dll: RegisterDeviceNotificationA, EnableWindow, UnregisterDeviceNotification
> ole32.dll: CoCreateInstance, CoUninitialize, CoInitialize
> SETUPAPI.dll: SetupDiEnumDeviceInterfaces, SetupDiOpenDeviceInterfaceA, SetupDiGetDeviceInterfaceDetailA, SetupDiGetDeviceRegistryPropertyA, SetupDiDestroyDeviceInfoList, SetupDiGetClassDevsA

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=344732130f1adc7d7fa5d8f2446b8cdc' target='_blank'>http://www.threatexpert.com/report.aspx?md5=344732130f1adc7d7fa5d8f2446b8cdc</a>


Soubor Ctxfihlp.exe přijatý 2009.07.29 20:26:08 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 2.
Odhadovaný čas začátku mezi 50 a 71 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.24 2009.07.29 -
AhnLab-V3 5.0.0.2 2009.07.29 -
AntiVir 7.9.0.234 2009.07.29 -
Antiy-AVL 2.0.3.7 2009.07.29 -
Authentium 5.1.2.4 2009.07.28 -
Avast 4.8.1335.0 2009.07.29 -
AVG 8.5.0.387 2009.07.29 -
BitDefender 7.2 2009.07.29 -
CAT-QuickHeal 10.00 2009.07.28 -
ClamAV 0.94.1 2009.07.29 -
Comodo 1808 2009.07.29 -
DrWeb 5.0.0.12182 2009.07.29 -
eSafe 7.0.17.0 2009.07.29 -
eTrust-Vet 31.6.6645 2009.07.29 -
F-Prot 4.4.4.56 2009.07.28 -
F-Secure 8.0.14470.0 2009.07.29 -
Fortinet 3.120.0.0 2009.07.29 -
GData 19 2009.07.29 -
Ikarus T3.1.1.64.0 2009.07.29 -
Jiangmin 11.0.800 2009.07.29 -
K7AntiVirus 7.10.805 2009.07.29 -
Kaspersky 7.0.0.125 2009.07.29 -
McAfee 5692 2009.07.29 -
McAfee+Artemis 5692 2009.07.29 -
McAfee-GW-Edition 6.8.5 2009.07.29 -
Microsoft 1.4903 2009.07.29 -
NOD32 4289 2009.07.29 -
Norman 6.01.09 2009.07.29 -
nProtect 2009.1.8.0 2009.07.29 -
Panda 10.0.0.14 2009.07.29 -
PCTools 4.4.2.0 2009.07.29 -
Prevx 3.0 2009.07.29 -
Rising 21.40.24.00 2009.07.29 -
Sophos 4.44.0 2009.07.29 -
Sunbelt 3.2.1858.2 2009.07.29 -
Symantec 1.4.4.12 2009.07.29 -
TheHacker 6.3.4.3.377 2009.07.29 -
TrendMicro 8.950.0.1094 2009.07.29 -
VBA32 3.12.10.9 2009.07.29 -
ViRobot 2009.7.29.1859 2009.07.29 -
VirusBuster 4.6.5.0 2009.07.29 -
Rozšiřující informace
File size: 25600 bytes
MD5...: 73e6594a8fb258051369c28147437301
SHA1..: fb215d433441dbb4cf9c41c08ac2ef9418775ce2
SHA256: a64ce9502abf5a6725449cbd67ee8ac3a120279b238427176da377318016320b
ssdeep: 384:32Uj//JielFeN3F+hWQm6NmhXlbjC50I9e3t2ChGf64wwToCVBoCekoL2shW
ohGx:37jcOFe9FjNk2CIKf64H1oCy1QQGYhW

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x47ca
timedatestamp.....: 0x4a26aaf3 (Wed Jun 03 16:55:15 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4ed2 0x5000 6.47 b2d728eb06bb7ef01a600a1a24ceda70
.data 0x6000 0x884 0x600 5.19 1343fb41bb4815e25791d64151fadb75
.rsrc 0x7000 0x9d8 0xa00 3.38 569a2ff1e647670208589b585da5c112

( 8 imports )
> ADVAPI32.dll: RegSetValueExA, RegCreateKeyExA, RegEnumValueA, RegOpenKeyA, RegCloseKey
> KERNEL32.dll: GetLastError, CreateSemaphoreA, CloseHandle, FreeLibrary, GetProcAddress, LoadLibraryA, GetModuleHandleA, Sleep, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, SetUnhandledExceptionFilter, InterlockedCompareExchange, GetStartupInfoA, RtlUnwind, InterlockedExchange
> USER32.dll: EnableWindow, UnregisterDeviceNotification, RegisterDeviceNotificationA, LoadIconA, GetClientRect, IsIconic, PostMessageA, SendMessageA, DrawIcon, GetSystemMetrics
> MFC42.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> msvcrt.dll: _unlock, __dllonexit, _lock, _onexit, _terminate@@YAXXZ, _controlfp, __1type_info@@UAE@XZ, _itoa, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, ___U@YAPAXI@Z, sprintf, ___V@YAXPAX@Z, malloc, free, memset, __CxxFrameHandler, _setmbcp
> ole32.dll: CoInitializeSecurity, CoCreateInstance, CoUninitialize, CoInitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -
> SETUPAPI.dll: SetupDiEnumDeviceInterfaces, SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInterfaceDetailA, SetupDiGetClassDevsA, SetupDiOpenDeviceInterfaceA, SetupDiGetDeviceRegistryPropertyA

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set

[Damned]

Zkontroluj ještě tento soubor:
c:\windows\system32\killapps.exe
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\ezsidmv.dat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"=-
"CTxfiHlp"=-



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[Hugouš]

Vše jsem provedl a zdá se, že PC se chová "mravně". Snad po další nějaké instalaci bude vše v pořádku.
Dík za pomoc.

Virustotal nic nenašel.

ComboFix 09-07-29.01 - Jirka 29.07.2009 23:05.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1478 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-28 do 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 20:30 . 2009-06-15 08:10 282624 ----a-w- c:\windows\system32\yk51x86.dll
2009-07-29 17:16 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-29 17:16 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 17:16 . 2009-07-29 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 20:08 . 2009-07-28 20:08 -------- d-----w- c:\program files\Trend Micro
2009-07-28 19:05 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-28 19:05 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 17:32 . 2009-07-28 17:32 -------- d-----w- c:\program files\Common Files\Corel
2009-07-28 17:32 . 2009-07-28 17:32 -------- d-----w- c:\program files\Corel
2009-07-26 06:48 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-25 21:53 . 1999-12-12 23:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2009-07-25 21:53 . 1999-11-17 23:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2009-07-25 21:52 . 2009-07-25 21:52 -------- d--h--w- c:\program files\Creative Installation Information
2009-07-25 21:52 . 2009-07-25 21:52 -------- d-----w- c:\program files\Common Files\Creative
2009-07-25 20:53 . 2009-07-25 20:53 -------- d-----w- c:\program files\Common Files\Skype
2009-07-25 20:53 . 2009-07-25 20:53 -------- d-----r- c:\program files\Skype
2009-07-25 20:14 . 2009-07-25 20:14 -------- d-----w- c:\program files\Ashampoo
2009-07-25 18:27 . 2006-08-30 13:43 70784 ----a-w- c:\windows\system32\drivers\mv61xx.sys
2009-07-25 18:13 . 2009-07-25 18:13 -------- d-----w- c:\program files\Innovative Solutions
2009-07-25 15:19 . 2009-07-25 15:28 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-25 15:19 . 2009-07-25 15:28 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-25 15:19 . 2009-07-25 15:28 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-25 15:18 . 2009-07-25 15:18 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-25 14:34 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-25 14:34 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-25 14:19 . 2009-07-25 14:19 -------- d--h--w- C:\CanoScan
2009-07-25 14:19 . 2003-01-29 08:43 745472 ----a-w- c:\windows\system32\CNQA2403.dll
2009-07-25 14:19 . 2003-01-16 06:43 36864 ----a-w- c:\windows\system32\CNQU81.DLL
2009-07-25 14:19 . 2003-01-16 06:43 204800 ----a-w- c:\windows\system32\CNQL2403.dll
2009-07-25 14:19 . 2003-01-15 10:39 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2009-07-25 10:17 . 2002-10-01 07:22 9856 ------w- c:\windows\system32\drivers\pfc.sys
2009-07-25 10:17 . 2009-07-25 10:17 -------- d-----w- c:\program files\ArcSoft
2009-07-25 10:17 . 1999-05-26 07:46 212480 ----a-w- c:\windows\pcdlib32.dll
2009-07-25 09:29 . 2009-07-25 09:29 -------- d-----w- c:\program files\MSXML 4.0
2009-07-23 21:19 . 2009-07-23 21:19 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-23 21:19 . 2007-12-20 08:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-23 21:19 . 2009-07-23 21:19 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-07-23 21:18 . 2009-07-23 21:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-23 21:17 . 2009-07-23 21:17 -------- d-----w- C:\CAPELLA2
2009-07-23 21:17 . 1996-02-22 01:20 25104 ----a-w- c:\windows\system\CTL3D.DLL
2009-07-23 21:11 . 2009-07-23 21:15 -------- d-----w- c:\program files\SuperEasy Software
2009-07-23 21:02 . 2009-07-23 21:02 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-23 21:02 . 2009-07-23 21:02 -------- d-----w- c:\program files\ACD Systems
2009-07-23 21:00 . 2009-07-23 21:00 -------- d-----w- c:\windows\Downloaded Installations
2009-07-23 20:46 . 2009-07-23 20:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-23 20:46 . 2009-07-29 07:07 -------- d-----w- c:\program files\DVDFab 6
2009-07-23 20:39 . 2003-12-24 05:00 7680 ----a-w- c:\windows\system32\CNMVS5x.DLL
2009-07-23 20:39 . 2003-12-24 05:00 113152 ----a-w- c:\windows\system32\CNMLM5x.DLL
2009-07-23 20:39 . 2003-08-27 12:11 86016 ----a-r- c:\windows\system32\CNMCP5x.exe
2009-07-23 20:39 . 2009-07-23 20:39 -------- d--h--w- C:\BJPrinter
2009-07-23 20:23 . 2009-07-23 20:24 -------- d-----w- C:\totalcmd
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\UC.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\RAR.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\LHA.PIF
2009-07-23 20:23 . 2008-08-08 05:04 545 ----a-w- c:\windows\ARJ.PIF
2009-07-22 21:03 . 2007-03-21 18:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-07-22 21:03 . 2007-03-21 18:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-07-22 21:03 . 2007-03-21 18:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-07-22 21:01 . 2008-01-19 18:12 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-07-22 21:01 . 2008-01-19 17:40 15088 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-07-22 21:01 . 2008-01-19 17:45 38112 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-07-22 21:01 . 2007-12-20 15:13 136416 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-07-22 21:00 . 2009-07-22 21:00 -------- d-----w- c:\program files\Norton Ghost
2009-07-22 20:33 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-07-22 20:33 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-07-22 20:33 . 2009-07-22 20:33 -------- d-----w- c:\program files\Common Files\CANON
2009-07-22 20:30 . 2006-09-13 05:00 197632 ----a-w- c:\windows\system32\CNMLM86.DLL
2009-07-22 20:30 . 2009-07-22 20:30 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-07-22 20:29 . 2009-07-22 20:29 -------- d--h--w- c:\program files\CanonBJ
2009-07-22 20:28 . 2009-07-25 14:29 -------- d-----w- c:\program files\Canon
2009-07-22 20:24 . 2009-07-22 20:24 -------- d-----w- c:\documents and settings\administrator\oblíbené položky
2009-07-22 20:24 . 2009-07-22 20:24 -------- d-----w- c:\documents and settings\administrator.jirka-25e1394e7\oblíbené položky
2009-07-22 20:24 . 2009-07-22 20:24 -------- d-----w- c:\documents and settings\administrator.jirka-25e1394e7
2009-07-22 20:24 . 2009-07-22 20:24 -------- d-----w- c:\documents and settings\administrator
2009-07-22 20:15 . 2009-07-22 20:15 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-22 20:13 . 2009-07-22 20:14 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-22 20:13 . 2009-07-22 20:13 -------- d-----w- c:\windows\system32\LogFiles
2009-07-22 20:08 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-22 20:03 . 2009-07-22 20:03 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-07-22 20:02 . 2008-02-04 08:27 102400 ----a-w- c:\windows\system32\cttele32.dll
2009-07-22 20:02 . 2009-07-22 20:02 -------- d-----w- c:\program files\OpenAL
2009-07-22 19:58 . 2009-05-18 12:34 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2009-07-22 19:48 . 2006-01-06 16:45 34432 ----a-r- c:\windows\system32\drivers\mv614x.sys
2009-07-22 19:24 . 2009-06-04 00:47 347080 ----a-w- c:\windows\system32\drivers\ctdvda2k.sys
2009-07-22 19:16 . 2009-07-25 21:54 -------- d-----w- c:\program files\Creative

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 20:32 . 2004-08-18 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2009-07-29 20:32 . 2004-08-18 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2009-07-29 17:04 . 2009-07-22 18:23 -------- d-----w- c:\program files\Logitech
2009-07-28 17:32 . 2009-07-22 17:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-25 21:54 . 2009-07-22 17:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 16:06 . 2009-07-22 18:25 -------- d-----w- c:\program files\CyberLink
2009-07-25 14:56 . 2009-07-25 14:56 -------- d-----w- c:\program files\Electronic Arts
2009-07-22 21:03 . 2009-07-22 17:00 -------- d-----w- c:\program files\Symantec
2009-07-22 21:03 . 2009-07-22 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-22 20:02 . 2009-07-22 19:25 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-22 20:02 . 2009-07-22 19:25 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-22 19:13 . 2009-07-22 18:55 -------- d-----w- c:\program files\NOS
2009-07-22 18:49 . 2009-07-22 18:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 18:49 . 2009-07-22 18:49 -------- d-----w- c:\program files\Java
2009-07-22 18:43 . 2009-07-22 18:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-22 18:35 . 2009-07-22 18:35 -------- d-----w- c:\program files\Common Files\Logishrd
2009-07-22 18:35 . 2009-07-22 18:23 -------- d-----w- c:\program files\Common Files\Logitech
2009-07-22 18:18 . 2009-07-22 18:18 -------- d-----w- c:\program files\Microsoft.NET
2009-07-22 18:14 . 2009-07-22 18:14 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-07-22 18:14 . 2009-07-22 18:14 -------- d-----w- c:\program files\ASUS
2009-07-22 18:01 . 2009-07-22 18:01 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-22 17:59 . 2009-07-22 17:58 -------- d-----w- c:\program files\ATI Technologies
2009-07-22 17:48 . 2009-07-22 17:48 -------- d-----w- c:\program files\MSBuild
2009-07-22 17:48 . 2009-07-22 17:48 -------- d-----w- c:\program files\Reference Assemblies
2009-07-22 17:09 . 2009-07-22 17:09 -------- d-----w- c:\program files\Marvell
2009-07-22 17:00 . 2009-07-22 17:00 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-22 17:00 . 2009-07-22 17:00 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-22 17:00 . 2009-07-22 17:00 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-22 17:00 . 2009-07-22 17:00 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-22 17:00 . 2009-07-22 17:00 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-22 17:00 . 2009-07-22 17:00 -------- d-----w- c:\program files\Norton 360
2009-07-22 17:00 . 2009-07-22 17:00 -------- d-----w- c:\program files\Windows Sidebar
2009-07-22 16:58 . 2009-07-22 16:58 -------- d-----w- c:\program files\NortonInstaller
2009-07-22 16:55 . 2009-07-22 16:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-22 16:55 . 2009-07-22 16:41 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-22 16:54 . 2009-07-22 16:41 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-07-22 16:42 . 2009-07-22 16:42 -------- d-----w- c:\program files\microsoft frontpage
2009-07-22 16:39 . 2009-07-22 16:39 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 08:10 . 2005-03-30 06:24 297728 ----a-w- c:\windows\system32\drivers\yk51x86.sys
2009-06-04 00:48 . 2009-07-22 19:24 15384 ----a-w- c:\windows\system32\drivers\pfmodnt.sys
2009-06-04 00:48 . 2009-07-22 19:24 1177624 ----a-w- c:\windows\system32\drivers\ha20x2k.sys
2009-06-04 00:48 . 2009-07-22 19:24 95768 ----a-w- c:\windows\system32\drivers\emupia2k.sys
2009-06-04 00:47 . 2009-07-22 19:24 158744 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2009-06-04 00:47 . 2009-07-22 19:24 14360 ----a-w- c:\windows\system32\drivers\ctprxy2k.sys
2009-06-04 00:47 . 2009-07-22 19:24 130072 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2009-06-04 00:47 . 2009-07-22 19:24 526232 ----a-w- c:\windows\system32\drivers\ctaud2k.sys
2009-06-04 00:47 . 2009-07-22 19:24 511000 ----a-w- c:\windows\system32\drivers\ctac32k.sys
2009-06-04 00:46 . 2009-06-04 00:46 1324056 ----a-w- c:\windows\system32\drivers\CTEXFIFX.sys
2009-06-04 00:46 . 2009-06-04 00:46 72728 ----a-w- c:\windows\system32\drivers\CTHWIUT.sys
2009-06-04 00:46 . 2009-06-04 00:46 171032 ----a-w- c:\windows\system32\drivers\CT20XUT.sys
2009-06-03 22:59 . 2009-06-03 22:59 11776 ----a-w- c:\windows\INRES.DLL
2009-06-03 22:59 . 2009-07-22 19:24 181248 ----a-w- c:\windows\system32\ctdvinst.dll
2009-06-03 22:59 . 2009-07-22 19:24 86016 ----a-w- c:\windows\system32\ctcoinst.dll
2009-06-03 22:57 . 2009-07-22 19:24 60928 ----a-w- c:\windows\system32\a3d.dll
2009-06-03 22:56 . 2005-08-07 22:12 48640 ----a-w- c:\windows\system32\ac3api.dll
2009-06-03 22:55 . 2009-06-03 22:55 2560 ----a-w- c:\windows\system32\CtxfiRes.dll
2009-06-03 22:55 . 2009-06-03 22:55 2560 ----a-w- c:\windows\CTXFIRES.DLL
2009-06-03 22:55 . 2005-08-07 22:10 41472 ----a-w- c:\windows\system32\CTxfiBtn.dll
2009-06-03 22:55 . 2005-08-07 22:10 39424 ----a-w- c:\windows\system32\CTxfiSpk.dll
2009-06-03 22:55 . 2005-08-07 22:10 25600 ----a-w- c:\windows\system32\Ctxfihlp.exe
2009-06-03 22:50 . 2005-08-07 22:04 47104 ----a-w- c:\windows\system32\CTxfiReg.exe
2009-06-03 22:50 . 2009-06-03 22:50 15360 ----a-w- c:\windows\system32\Ct20xspi.dll
2009-06-03 22:49 . 2005-08-07 22:04 1213440 ----a-w- c:\windows\system32\CTxfispi.exe
2009-06-03 22:40 . 2009-07-22 19:24 321512 ----a-w- c:\windows\system32\ctdlang.dat
2009-06-03 22:40 . 2009-06-03 22:40 56509 ----a-w- c:\windows\system32\ctdnlstr.dat
2009-06-03 22:40 . 2009-07-22 19:24 114688 ----a-w- c:\windows\system32\ctemupia.dll
2009-06-03 22:37 . 2005-08-07 21:54 193024 ----a-w- c:\windows\system32\ct_oal.dll
2009-06-03 22:37 . 2005-08-07 21:54 50688 ----a-w- c:\windows\system32\ctasio.dll
2009-06-03 22:37 . 2009-07-22 19:24 53248 ----a-w- c:\windows\system32\ctdproxy.dll
2009-06-03 22:36 . 2005-08-07 21:54 74752 ----a-w- c:\windows\system32\ctosuser.dll
2009-06-03 22:36 . 2009-07-22 19:24 10240 ----a-w- c:\windows\system32\sfman32.dll
2009-06-03 22:36 . 2005-08-07 21:54 108544 ----a-w- c:\windows\system32\sfms32.dll
2009-06-03 22:36 . 2005-08-07 21:54 16384 ----a-w- c:\windows\system32\regplib.exe
2009-06-03 22:36 . 2009-07-22 19:24 68608 ----a-w- c:\windows\system32\piaproxy.dll
2009-06-03 22:33 . 2009-06-03 22:33 7680 ----a-w- c:\windows\system32\enlocstr.exe
2009-06-03 22:32 . 2005-08-07 21:52 12800 ----a-w- c:\windows\system32\killapps.exe
2009-06-03 22:31 . 2005-08-07 21:51 36864 ----a-w- c:\windows\system32\devreg.dll
2009-06-03 19:11 . 2004-08-18 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:33 . 2004-08-18 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-29_19.11.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-29 20:35 . 2009-07-29 20:35 16384 c:\windows\Temp\Perflib_Perfdata_fc8.dat
+ 2009-07-29 20:34 . 2009-07-29 20:34 16384 c:\windows\Temp\Perflib_Perfdata_920.dat
+ 2009-07-29 20:34 . 2009-07-29 20:34 16384 c:\windows\Temp\Perflib_Perfdata_814.dat
+ 2009-07-29 20:34 . 2009-07-29 20:34 16384 c:\windows\Temp\Perflib_Perfdata_7fc.dat
- 2004-08-18 12:00 . 2009-07-26 08:16 68156 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2009-07-29 20:32 68156 c:\windows\system32\perfc009.dat
+ 2009-07-29 20:31 . 2005-03-30 06:24 230400 c:\windows\system32\ReinstallBackups\0007\DriverFiles\yk51x86.sys
- 2004-08-18 12:00 . 2009-07-26 08:16 435260 c:\windows\system32\perfh009.dat
+ 2004-08-18 12:00 . 2009-07-29 20:32 435260 c:\windows\system32\perfh009.dat
+ 2009-07-29 20:30 . 2009-06-15 08:10 297728 c:\windows\system32\DRVSTORE\oem_no_dri_8B177BF8BEE50D50C0D64EE96CAF81EBCBD64EF4\yk51x86.sys
+ 2009-07-29 20:30 . 2009-06-15 08:10 282624 c:\windows\system32\DRVSTORE\oem_no_dri_8B177BF8BEE50D50C0D64EE96CAF81EBCBD64EF4\yk51x86.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2009-07-22 7914328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-27 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-22 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [22.7.2009 21:48 34432]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [25.7.2009 20:27 70784]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SymEFA.sys [22.7.2009 19:00 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.086\BHDrvx86.sys [22.7.2009 19:00 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.086\cchpx86.sys [22.7.2009 19:00 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSXpx86.sys [28.7.2009 8:27 276344]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [22.7.2009 19:00 115560]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [18.8.2004 14:00 5120]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [4.6.2009 2:46 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [4.6.2009 2:46 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [4.6.2009 2:46 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22.7.2009 19:26 101936]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20.12.2007 17:13 1553896]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [22.7.2009 22:03 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [4.6.2009 2:46 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [4.6.2009 2:46 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [4.6.2009 2:46 72728]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 13:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = localhost
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 23:08
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Celkový čas: 2009-07-29 23:09
ComboFix-quarantined-files.txt 2009-07-29 21:09
ComboFix2.txt 2009-07-29 19:12

Před spuštěním: Volných bajtů: 221 606 473 728
Po spuštění: Volných bajtů: 221 573 799 936

295 --- E O F --- 2009-07-26 06:59


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:43, on 29.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081209 serial=dr12wrx-0528354-geg lang=CZ
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7999 bytes

[Damned]

Vypínání je už noumální???

Pokud ne, dej si Zobrazit skryté a systémové soubory, najdi v C: soubor boot.ini a zkopíruj mi sem jeho obsah.

Pokud je vypínání v pořádku tak:

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž
a zapni si AVG.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found,
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
pak klik empty selected.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se.

[Hugouš]

Tak super, vypínání je už OK. Tak akorát doufám, že po další instalaci nějaké aplikace to nezačne opět dělat.

Dík moc za rady a pomoc.

Jirka